1 results (0.004 seconds)
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0
CVE-2023-0475 – Go-Getter Vulnerable to Decompression Bombs
https://notcve.org/view.php?id=CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. A flaw was found in the HashiCorp go-getter package. Affected versions of the HashiCorp go-getter package are vulnerable to a denial of service via a malicious compressed archive. • https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 https://access.redhat.com/security/cve/CVE-2023-0475 https://bugzilla.redhat.com/show_bug.cgi?id=2170844 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •